Connect with us

Interviews

Enterprise IT Departments Are Having to Rethink Their Approach to Security

Published

on

Steve Foster, the Head of Solutions Engineering for MEA at Netskope, says early adopter organizations have already moved to architectures like SASE and SSE, that better support a Zero Trust approach

How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
Since its introduction as a counterpoint to the implicit trust that exists on the internet, Zero Trust has become well-recognised as a methodology requiring explicitly proven trust before access is allowed. Recently it has evolved from a singular concept into a broad set of terms used so much and so widely that it has almost lost its meaning. Our field CTO Steve Riley was actually the first person to use the phrase Zero Trust Network Access (ZTNA) – when he was an analyst at Gartner – but ZTNA has also evolved over recent years.

Originally it championed the idea of “trust nothing”, but it is now better suited to practical use, driving towards the idea of “trust nothing without adequate and continuous authorization”. Fundamentally, ZTNA takes us from the perimeter-based security model where – once you are through the perimeter – you have open access to everything, to an access model that requires users, devices, and applications to continually prove they are authorised before accessing only the specific resources they have been allowed.

Do you believe that technologies that support zero trust are moving into the mainstream?
When we see global government entities and national security organisations mandating Zero Trust architectures we know the technology is moving mainstream – and that is exactly what is happening at the moment. Two of the key technology architectures for supporting a zero-trust approach to network and application access are SASE and SSE. While traditional perimeter security tools are still available, they are an investment in legacy technologies.

Early adopter organizations have already moved to architectures like SASE and SSE, that better support a Zero Trust approach, and now we are starting to see a majority of organizations doing likewise. This is a sure sign that the technologies supporting a Zero Trust architecture are now mainstream.

Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did?
Enterprise IT departments are having to rethink their approach to security in a world where locking everything down is no longer an option. Users, applications, data, networks – everything was once able to be hermetically sealed against both infiltration and exfiltration, but this is no longer the case.

Security and networking architectures are all being swiftly rethought with a view to enablement rather than restriction. The question IT departments are asking themselves is; how do we provide access without losing all security, or how do we maintain security without limiting productivity? It’s that quest for balance between access and security that is the new tension.

How can companies get started with zero trust?
Zero Trust can seem like an impossibly large project, so I always suggest identifying a starting point where you can make the most impact as quickly as possible. The enterprise perimeter is where the most current risk lies, so I recommend focussing on ZTNA for access to internal resources, where micro-segmentation will prevent lateral movement between resources. Once you have implemented ZTNA, move on to other initiatives to extend a Zero Trust approach throughout your technology infrastructure. For example, pilot a remote browser isolation solution, scan all data at rest in the public cloud for external shares, and start scanning containers that your developers are creating for new apps.

Industry experts have warned that cyber-attacks will be focused on techniques that zero trust controls can’t mitigate. What according to you can be done to address this?
Adopting a Zero Trust approach would be beneficial in mitigating wider cyber risks, but it is important to understand there are always limits to any security measure. With this in mind, it’s important to identify and shore up any blind spots.

Ensuring you have Multi-Factor Authentication in place and removing administrator rights on all end-user devices are good starts, but make sure you also know where your most valuable assets are, and segment them off from the wider network so you can limit any damage if there is a breach elsewhere. You could also make sure you are not exposing them to the outside (directly on the internet) instead of putting them behind a ZTNA wall which will limit what damage a cyber-attack can do.

What according to you are the limitations of zero trust?
Because Zero Trust is not a product, it can’t be bought and installed in one sitting to mitigate cyberrisks. For this reason, it is likely to be rolled out as separate projects leaving gaps that could be exploited. Unwinding existing legacy technologies as part of a migration to Zero Trust can also leave some points of exposure. These can of course be mitigated by picking the right projects to start your journey with (start small and scale slowly), while always keeping the principles of Zero Trust in mind.

GISEC

ManageEngine @ GISEC Global 2025: AI, Quantum Computing, and Ransomware Form Part of Cybersecurity Outlook for 2025

Published

on

As AI-powered attacks and quantum computing reshape the cyber threat landscape, organizations must rethink traditional defense strategies. In an exclusive interview, Sujoy Banerjee, Associate Director at ManageEngine, reveals how businesses can prepare for 2025’s most critical threats—from AI-generated phishing scams to quantum-decrypted ransomware (more…)

Continue Reading

GISEC

Positive Technologies @ GISEC Global 2025: Demonstrating Cutting-Edge Cyber Threats and AI Defense Strategies

Published

on

At GISEC Global 2025, Positive Technologies showcased live demonstrations of sophisticated hacking techniques while emphasising the growing role of AI in both cyber attacks and defense. In an exclusive interview with Security Review, Ilya Leonov, the Regional Director at Positive Technologies revealed insights about the Middle East’s evolving threat landscape, their work with regional governments, and why investing in human expertise remains critical despite advancing technologies (more…)

Continue Reading

GISEC

Group-IB @ GISEC Global 2025: Tackling Evolving Cyber Threats with Localised Intelligence and AI

Published

on

At this year’s GISEC Global, cybersecurity firm Group-IB showcased its expanding role in combating increasingly sophisticated cyber threats. In an exclusive interview with Security Review, Ashraf Koheil, the META Director of Business at Group-IB, discussed the company’s growing presence at GISEC, emerging cybercrime trends, and how their AI-powered threat intelligence platform is helping businesses and governments stay ahead of attackers (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.